Visualization of Misuse-Based IntrusionDetection: Application to Honeynet Data

摘要

This study presents a novel soft computing system that provides net-work managers with a synthetic and intuitive representation of the situation of themonitored network, in order to reduce the widely known high false-positive rateassociated to misuse-based Intrusion Detection Systems (IDSs). The proposed sys-tem is based on the use of different projection methods for the visual inspection ofhoneypot data, and may be seen as a complementary network security tool thatsheds light on internal data structures through visual inspection. Furthermore, it isintended to understand the performance of Snort (a well-known misuse-basedIDS) through the visualization of attack patterns. Empirical verification and com-parison of the proposed projection methods are performed in a real domain wherereal-life data are defined and analyzed.